Daily summary - 04.02.2021

End-of-Day report

Timeframe: Wednesday 03-02-2021 18:00 - Thursday 04-02-2021 18:00
Handler: Thomas Pribitzer
Co-Handler: Dimitri Robl

News

Malicious Chrome and Edge add-ons had a novel way to hide on 3 million devices

28 malicious extensions disguised traffic as Google Analytics data.

https://arstechnica.com/?p=1739523


New Fonix ransomware decryptor can recover victims' files for free

Kaspersky has released a decryptor for the Fonix Ransomware (XONIF) that allows victims to recover their encrypted files for free.

https://www.bleepingcomputer.com/news/security/new-fonix-ransomware-decryptor-can-recover-victims-files-for-free/


How to Audit Password Changes in Active Directory

Today's admins certainly have plenty on their plates, and boosting ecosystem security remains a top priority. On-premises, and especially remote, accounts are gateways for accessing critical information. Password management makes this possible. After all, authentication should ensure that a user is who they claim to be.

https://thehackernews.com/2021/02/how-to-audit-password-changes-in-active.html


Project Zero: Déjà vu-lnerability

A Year in Review of 0-days Exploited In-The-Wild in 2020

https://googleprojectzero.blogspot.com/2021/02/deja-vu-lnerability.html


E-scooters are easy to monitor and manipulate

The rental companies' apps are very forthcoming with information. With the transmitted data, an e-scooter can even be switched off while it is being ridden.

https://heise.de/-5045945


Browser sync: what are the risks of turning it on?

Browser synchronization is a handy feature, but it comes with a few risks. Here's what you should be asking yourself before you switch it on.

https://blog.malwarebytes.com/privacy-2/2021/02/browser-sync-what-are-the-risks-of-turning-it-on/


This old form of ransomware has returned with new tricks and new targets

Cerber was once the most common form of ransomware - and now it's back, years after its heyday.

https://www.zdnet.com/article/this-old-form-of-ransomware-has-returned-with-new-tricks-and-new-targets/

Vulnerabilities

Upcoming Security Updates for Adobe Acrobat and Reader (APSB21-09)

A prenotification security advisory (APSB21-09) has been posted regarding upcoming Adobe Acrobat and Reader updates scheduled for the week of February 09, 2021.

https://blogs.adobe.com/psirt/?p=1967


Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices

Major vulnerabilities have been discovered in the Realtek RTL8195A Wi-Fi module that could have been exploited to gain root access and take complete control of a device's wireless communications.

https://thehackernews.com/2021/02/critical-bugs-found-in-popular-realtek.html


Patch now! Security update for SonicWall SMA 100 is available

Attackers are currently targeting SonicWall's SMA 100 remote access system. Patches are now available.

https://heise.de/-5045657


Security updates for Thursday

Security updates have been issued by CentOS (glibc, linux-firmware, perl, and qemu-kvm), Debian (dnsmasq), Fedora (netpbm), Mageia (firefox, messagelib, python and python3, ruby-nokogiri, and thunderbird), Oracle (kernel, perl, and qemu-kvm), Red Hat (flatpak), and SUSE (openvswitch and python-urllib3).

https://lwn.net/Articles/845088/


Panasonic Video Insight VMS vulnerable to arbitrary code execution

https://jvn.jp/en/jp/JVN42252698/


ZDI-21-151: (0Day) Hewlett Packard Enterprise Moonshot Provisioning Manager khuploadfile Stack-based Buffer Overflow Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-21-151/


ZDI-21-150: (0Day) Hewlett Packard Enterprise Moonshot Provisioning Manager khuploadfile Directory Traversal Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-21-150/


Security Bulletin: IBM Java SDK and IBM Java Runtime for IBM i are affected by CVE-2020-14781

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-java-sdk-and-ibm-java-runtime-for-ibm-i-are-affected-by-cve-2020-14781/


Security Bulletin: IBM SDK Java Quarterly CPU Jul 2020 Vulnerabilities Affect IBM Transformation Extender

https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sdk-java-quarterly-cpu-jul-2020-vulnerabilities-affect-ibm-transformation-extender-2/


Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM i

https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-i-5/


wpa_supplicant: Vulnerability allows execution of arbitrary code

http://www.cert-bund.de/advisoryshort/CB-K21-0129


Citrix Hypervisor Security Update

https://support.citrix.com/article/CTX291439


Luxion KeyShot

https://us-cert.cisa.gov/ics/advisories/icsa-21-035-01


Horner Automation Cscape

https://us-cert.cisa.gov/ics/advisories/icsa-21-035-02


WAGO M&M Software fdtCONTAINER (Update A)

https://us-cert.cisa.gov/ics/advisories/icsa-21-021-05